Entheniel Posted 4 January 2008
Okay, not my log, but the guy who has it doesn't have an account here, so. Would be glad if someone could be bothered to check it for me!
Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe C:\Programfiler\Dell\Media Experience\DMXLauncher.exe C:\Programfiler\Creative\SBAudigy\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\Rundll32.exe C:\DOCUME~1\Ruben\LOKALE~1\Temp\clclean.0001 C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe C:\WINDOWS\system32\RunDLL32.exe C:\Programfiler\Fellesfiler\Logitech\G-series Software\LGDCore.exe C:\Programfiler\McAfee\MSK\MskAgent.exe C:\Programfiler\SiteAdvisor\6253\SiteAdv.exe C:\Programfiler\Fellesfiler\Logitech\LCD Manager\lcdmon.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Programfiler\Fellesfiler\Logitech\LCD Manager\Applets\LCDPOP3.exe C:\Programfiler\Fellesfiler\Logitech\LCD Manager\Applets\LCDClock.exe C:\Programfiler\Fellesfiler\Logitech\LCD Manager\Applets\LCDMedia.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\WINDOWS\stsystra.exe C:\Programfiler\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Programfiler\Logitech\SetPoint\KEM.exe C:\Programfiler\Logitech\SetPoint\KHALMNPR.EXE C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Programfiler\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\Programfiler\Maxtor\Sync\SyncServices.exe C:\Programfiler\Fellesfiler\McAfee\HackerWatch\HWAPI.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\programfiler\fellesfiler\mcafee\mna\mcnasvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe C:\PROGRA~1\McAfee\MSC\mcpromgr.exe 
c:\PROGRA~1\FELLES~1\mcafee\mcproxy\mcproxy.exe c:\PROGRA~1\FELLES~1\mcafee\redirsvc\redirsvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Programfiler\McAfee\MPF\MPFSrv.exe C:\PROGRA~1\McAfee\MPS\mps.exe C:\Programfiler\McAfee\MSK\MskSrver.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Programfiler\SiteAdvisor\6253\SAService.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\McAfee\MPS\mpsevh.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Programfiler\Canon\CAL\CALMAIN.exe C:\Programfiler\Fellesfiler\Creative Labs Shared\Service\CreativeLicensing.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Windows Live\Messenger\usnsvc.exe C:\Programfiler\Azureus\Azureus.exe C:\WINDOWS\explorer.exe C:\Programfiler\Maxtor\OneTouch Status\MaxMenuMgr.exe C:\Programfiler\VideoLAN\VLC\vlc.exe C:\PROGRA~1\Grisoft\AVG7\avgwb.dat C:\Programfiler\Opera\Opera.exe C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programfiler\SiteAdvisor\6253\SiteAdv.dll O2 - BHO: DriveLetterAccess - 
{5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\programfiler\mcafee\virusscan\scriptcl.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programfiler\SiteAdvisor\6253\SiteAdv.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [iAAnotif] C:\Programfiler\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [DMXLauncher] C:\Programfiler\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [CTSysVol] C:\Programfiler\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [VoiceCenter] "C:\Programfiler\Creative\VoiceCenter\AndreaVC.exe" /tray O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513 O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programfiler\Fellesfiler\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [MskAgentexe] C:\Programfiler\McAfee\MSK\MskAgent.exe O4 - HKLM\..\Run: [siteAdvisor] 
C:\Programfiler\SiteAdvisor\6253\SiteAdv.exe O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programfiler\Fellesfiler\Logitech\LCD Manager\lcdmon.exe" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [MsgCenterExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\RealOneMessageCenter.exe" -osboot O4 - HKLM\..\Run: [mxomssmenu] "C:\Programfiler\Maxtor\OneTouch Status\maxmenumgr.exe" O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [MATH DOES FIRST MODE] C:\Documents and Settings\All Users\Programdata\live 64 math does\Boob funk.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Drv Name] C:\DOCUME~1\Ruben\PROGRA~1\FILMLO~1\forbasemeet.exe O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Programfiler\Video ActiveX Access\iesmn.exe O4 - HKCU\..\Policies\Explorer\Run: [{74E07418-0BB0-1044-0419-06022306002f}] "C:\Programfiler\Fellesfiler\{74E07418-0BB0-1044-0419-06022306002f}\Update.exe" mc-110-12-0001411 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma 
Loader.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\KEM.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Ruben\Start-meny\Programmer\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {A9DAD15A-365E-494D-9D41-8A0BB80007B0} (ArcticShell control) - http://www.arcticpigs.com/activex/mayhem.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: skype4com - 
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL O23 - Service: McAfee Application Installer Cleanup (0039491199448476) (0039491199448476mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP03949~1.EXE O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programfiler\Canon\CAL\CALMAIN.exe O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Programfiler\Fellesfiler\Creative Labs Shared\Service\CreativeLicensing.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FELLES~1\McAfee\EmProxy\emproxy.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Programfiler\Intel\Intel Matrix Storage Manager\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Unknown owner - C:\Programfiler\iPod\bin\iPodService.exe (file missing) O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Programfiler\Maxtor\Sync\SyncServices.exe O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Programfiler\Fellesfiler\McAfee\HackerWatch\HWAPI.exe O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. 
- C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\programfiler\fellesfiler\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FELLES~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FELLES~1\mcafee\redirsvc\redirsvc.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programfiler\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Programfiler\McAfee\MSK\MskSrver.exe O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programfiler\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: NMIndexingService - Unknown owner - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Programfiler\SiteAdvisor\6253\SAService.exe -- End of file - 13929 bytes
norbat Posted 4 January 2008
Download NoLop.exe and put it on the desktop. Run the program. Press the "Search and Destroy" button. If it finds anything, you will be asked to press the Reboot button.
Start HJT, choose "Do a system scan only", put a check mark in front of the following lines and click Fix checked:
O4 - HKLM\..\Run: [MATH DOES FIRST MODE] C:\Documents and Settings\All Users\Programdata\live 64 math does\Boob funk.exe
O4 - HKCU\..\Run: [Drv Name] C:\DOCUME~1\Ruben\PROGRA~1\FILMLO~1\forbasemeet.exe
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Programfiler\Video ActiveX Access\iesmn.exe
O4 - HKCU\..\Policies\Explorer\Run: [{74E07418-0BB0-1044-0419-06022306002f}] "C:\Programfiler\Fellesfiler\{74E07418-0BB0-1044-0419-06022306002f}\Update.exe" mc-110-12-0001411
Download Combofix and put it on the desktop.
Run combofix.exe and follow the instructions. You must not click on the window while the program is running.
Post the log file from Combofix (c:\combofix.txt).
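A first-pass triage of the `O4` autostart lines in the log above, as an added example that is not part of the thread: the four rules are heuristics assumed here for illustration (norbat does not state why those four lines were chosen), and the function and label names are hypothetical. A hit means the entry deserves a manual look, not that it is malicious.

```python
import re

# Lines copied from the HijackThis log in the first post (benign and flagged mixed).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MATH DOES FIRST MODE] C:\Documents and Settings\All Users\Programdata\live 64 math does\Boob funk.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Drv Name] C:\DOCUME~1\Ruben\PROGRA~1\FILMLO~1\forbasemeet.exe
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Programfiler\Video ActiveX Access\iesmn.exe
O4 - HKCU\..\Policies\Explorer\Run: [{74E07418-0BB0-1044-0419-06022306002f}] "C:\Programfiler\Fellesfiler\{74E07418-0BB0-1044-0419-06022306002f}\Update.exe" mc-110-12-0001411
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\KEM.exe
"""

# O4 registry autostart:  O4 - HKLM\..\Run: [value name] command line
REG_RE = re.compile(r"^O4 - (?P<key>HK[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# O4 startup folder:      O4 - Global Startup: Name.lnk = target
LNK_RE = re.compile(r"^O4 - (?P<key>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
FILELIKE_RE = re.compile(r"^[\w.-]+\.(exe|dll|sys|com)$", re.I)
TARGET_RE = re.compile(r"^(.*?\.(?:exe|dll|com|bat|scr))(?=[\s,]|$)", re.I)
# Per-user and all-users profile trees on Windows XP (long and 8.3 short form).
PROFILE_DIRS = ("\\documents and settings\\", "\\docume~1\\")


def parse_o4(line):
    """Return (key, name, command) for an O4 line, or None for anything else."""
    line = line.strip()
    m = REG_RE.match(line) or LNK_RE.match(line)
    return (m["key"], m["name"], m["cmd"]) if m else None


def target_basename(cmd):
    """Best-effort file name of the program an autostart command launches."""
    if cmd.startswith('"'):
        path = cmd[1:].split('"', 1)[0]
    else:
        # Unquoted paths may contain spaces: cut at the first executable extension.
        m = TARGET_RE.match(cmd)
        path = m.group(1) if m else cmd.split()[0]
    return path.rsplit("\\", 1)[-1].lower()


def triage(line):
    """Return the list of heuristic labels an O4 line trips (empty if none)."""
    parsed = parse_o4(line)
    if parsed is None:
        return []
    key, name, cmd = parsed
    reasons = []
    # Assumed rule 1: autostart placed under the Policies\Explorer\Run key.
    if "policies\\explorer\\run" in key.lower():
        reasons.append("policy-run-key")
    # Assumed rule 2: program started from a profile directory.
    if any(d in cmd.lower() for d in PROFILE_DIRS):
        reasons.append("runs-from-profile-dir")
    # Assumed rule 3: the value name is nothing but a GUID.
    if GUID_RE.match(name):
        reasons.append("guid-value-name")
    # Assumed rule 4: the value name looks like a file name, but not the target's.
    if FILELIKE_RE.match(name) and name.lower() != target_basename(cmd):
        reasons.append("name-mimics-other-file")
    return reasons


def flagged(log_text):
    """Map autostart value name -> reasons, for every O4 line that trips a rule."""
    hits = {}
    for line in log_text.splitlines():
        reasons = triage(line)
        if reasons:
            hits[parse_o4(line)[1]] = reasons
    return hits


if __name__ == "__main__":
    for name, reasons in flagged(SAMPLE_LOG).items():
        print(f"{name}: {', '.join(reasons)}")
```
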
Entheniel (Author) Posted 4 January 2008
ComboFix 08-01-04.1 - Ruben 2008-01-04 17:08:05.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1450 [GMT 1:00] Running from: C:\Documents and Settings\Ruben\Skrivebord\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Programfiler\Fellesfiler\{34E07~1 C:\Programfiler\Fellesfiler\{74E07~1 C:\WINDOWS\system32\UpMedia J:\Autorun.inf . ((((((((((((((((((((((((( Files Created from 2007-12-04 to 2008-01-04 ))))))))))))))))))))))))))))))) . 2008-01-04 17:07 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-04 16:55 . 2008-01-04 17:01 <DIR> d-------- C:\NoLopBackups 2008-01-04 15:40 . 2008-01-04 15:40 <DIR> d-------- C:\Programfiler\Trend Micro 2008-01-03 15:09 . 2008-01-04 13:14 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-01-03 15:09 . 2008-01-03 15:09 1,409 --a------ C:\WINDOWS\QTFont.for 2008-01-03 12:44 . 2008-01-03 12:49 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\live 64 math does 2008-01-02 18:55 . 2008-01-02 18:55 <DIR> d-------- C:\Programfiler\Ventrilo 2008-01-02 18:54 . 2008-01-02 18:54 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-01-02 18:27 . 2008-01-02 18:27 <DIR> d-------- C:\Programfiler\Maxtor 2008-01-02 18:27 . 2008-01-02 18:41 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Maxtor 2008-01-02 18:26 . 2008-01-02 18:26 <DIR> d-------- C:\Programfiler\MSXML 6.0 2008-01-01 23:41 . 2008-01-01 23:41 <DIR> d-------- C:\Programfiler\Fellesfiler\Skype 2008-01-01 23:41 . 2008-01-04 13:59 <DIR> d-------- C:\Documents and Settings\Ruben\Programdata\skypePM 2008-01-01 23:41 . 2008-01-01 23:41 32 --a------ C:\Documents and Settings\All Users\Programdata\ezsid.dat 2007-12-11 23:34 . 2007-12-11 23:34 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll 2007-12-11 23:34 . 
2007-12-11 23:34 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll 2007-12-05 17:59 . 2007-12-05 18:03 <DIR> d-------- C:\Programfiler\Fellesfiler\Totem Shared 2007-12-04 02:33 . 2007-12-04 02:33 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll 2007-12-04 02:33 . 2007-12-04 02:33 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll 2007-12-04 02:33 . 2007-12-04 02:33 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll 2007-12-04 02:33 . 2007-12-04 02:33 682,496 --a------ C:\WINDOWS\system32\DivX.dll 2007-12-04 02:33 . 2007-12-04 02:33 630,784 --a------ C:\WINDOWS\system32\divxdec.ax . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-04 16:02 --------- d-----w C:\Programfiler\McAfee 2008-01-04 15:59 --------- d-----w C:\Documents and Settings\Ruben\Programdata\Azureus 2008-01-04 14:22 --------- d-----w C:\Documents and Settings\All Users\Programdata\avg7 2008-01-04 13:20 --------- d-----w C:\Documents and Settings\Ruben\Programdata\Skype 2008-01-03 11:49 --------- d-----w C:\Documents and Settings\Ruben\Programdata\filmloudcity 2008-01-02 23:30 --------- d-----w C:\Documents and Settings\Ruben\Programdata\Hamachi 2008-01-02 17:56 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys 2008-01-02 17:27 --------- d--h--w C:\Programfiler\InstallShield Installation Information 2008-01-01 22:31 --------- d-----w C:\Documents and Settings\Ruben\Programdata\Activision 2008-01-01 21:57 --------- d-----w C:\Programfiler\Azureus 2008-01-01 21:29 --------- d-----w C:\Documents and Settings\All Users\Programdata\WLInstaller 2008-01-01 20:37 --------- d-----w C:\Documents and Settings\Ruben\Programdata\ZoomBrowser EX 2008-01-01 20:36 --------- d-----w C:\Documents and Settings\All Users\Programdata\ZoomBrowser 2008-01-01 12:19 --------- d-----w C:\Programfiler\Messenger Plus! 
Live 2007-12-31 17:41 --------- d-----w C:\Programfiler\SiteAdvisor 2007-12-13 21:43 --------- d-----w C:\Documents and Settings\Ruben\Programdata\LimeWire 2007-12-12 19:51 --------- d-----w C:\Programfiler\DivX 2007-12-10 12:21 --------- d-----w C:\Documents and Settings\LocalService\Programdata\SiteAdvisor 2007-12-09 13:48 --------- d-----w C:\Programfiler\Sony Ericsson 2007-12-09 13:48 --------- d-----w C:\Programfiler\Fellesfiler\Teleca Shared 2007-12-07 22:21 --------- d-----w C:\Programfiler\Windows Live 2007-12-07 22:16 --------- d-----w C:\Programfiler\Electronic Arts 2007-12-05 09:53 --------- d-----w C:\Programfiler\EA GAMES 2007-12-01 18:52 --------- d-----w C:\Documents and Settings\All Users\Programdata\Firefly Studios 2007-11-29 22:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2007-11-29 22:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2007-11-28 21:55 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2007-11-28 21:53 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2007-11-28 21:53 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2007-11-28 21:53 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2007-11-28 21:53 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2007-11-28 21:52 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2007-11-22 21:03 --------- dcsh--w C:\Programfiler\Fellesfiler\WindowsLiveInstaller 2007-11-22 21:00 --------- d-----w C:\Programfiler\Opera 2007-11-21 19:21 --------- d-----w C:\Programfiler\Disc2Phone 2007-11-14 18:49 --------- d-----w C:\Programfiler\World of Warcraft 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-11-10 20:20 --------- d-----w C:\Documents and Settings\Ruben\Programdata\dvdcss 2007-10-31 11:46 737,280 ----a-w 
C:\WINDOWS\iun6002.exe 2007-10-30 23:30 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll 2007-10-25 16:44 8,466,432 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll 2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll 2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll 2007-10-10 23:54 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll 2007-10-10 23:54 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll 2007-10-10 23:53 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll 2007-10-10 23:53 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll 2007-10-10 23:53 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll 2007-10-10 23:53 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2007-10-10 23:53 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll 2007-10-10 23:53 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll 2007-10-10 23:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll 2007-10-10 23:53 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll 2007-10-10 23:53 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll 2007-10-10 23:53 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll 2007-10-10 23:53 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll 2007-10-10 23:53 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll 2007-10-10 23:53 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll 2007-10-10 23:53 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll 2007-10-10 23:53 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll 2007-10-10 23:53 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll 2007-10-10 23:53 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll 2007-10-10 23:53 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll 
2007-10-10 23:53 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll 2007-10-10 23:53 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll 2007-10-10 11:02 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2007-10-10 11:02 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe 2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll 2007-08-29 17:38 32 ----a-r C:\Documents and Settings\All Users\hash.dat 2007-07-26 20:12 52,329,617 ----a-w C:\Documents and Settings\Ruben\WoW-2.1.3.6898-to-0.2.0.6932-enGB-patch.exe 2007-04-25 21:49 311,384,068 ----a-w C:\Documents and Settings\Ruben\WoW-2.0.12.6546-to-0.1.0.6577-enGB-patch.exe 2007-03-25 10:29 40 ----a-w C:\Documents and Settings\Ruben\language.dat 2006-07-11 12:41 8 -csh--r C:\WINDOWS\system32\B782F673F5.sys 2006-09-11 12:42 56 -csh--r C:\WINDOWS\system32\F573F682B7.sys 2007-02-03 23:23 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-14 20:51 7323648] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496] "IAAnotif"="C:\Programfiler\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 07:56 139264] "DMXLauncher"="C:\Programfiler\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 03:12 94208] "CTSysVol"="C:\Programfiler\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 09:47 57344] "MBMon"="CTMBHA.DLL" [2005-05-19 08:54 1345520 C:\WINDOWS\system32\CTMBHA.DLL] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112] "VoiceCenter"="C:\Programfiler\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 07:42 1159168] "ISUSPM Startup"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44 249856] "ISUSScheduler"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-10-21 12:28 29696 C:\WINDOWS\KHALMNPR.Exe] "mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [ ] "PD0620 STISvc"="P0620Pin.dll" [2005-05-10 18:03 36864 C:\WINDOWS\system32\P0620Pin.dll] "Launch LGDCore"="C:\Programfiler\Fellesfiler\Logitech\G-series Software\LGDCore.exe" [2006-11-09 13:10 1126400] "MskAgentexe"="C:\Programfiler\McAfee\MSK\MskAgent.exe" [2007-01-17 17:30 152144] "SiteAdvisor"="C:\Programfiler\SiteAdvisor\6253\SiteAdv.exe" [2007-02-09 18:18 36904] "Launch LCDMon"="C:\Programfiler\Fellesfiler\Logitech\LCD Manager\lcdmon.exe" [2006-11-09 12:45 549376] "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 04:33 122941] "QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2007-04-27 08:41 282624] 
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-31 17:07 579072] "NeroFilterCheck"="C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40 155648] "Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792] "MsgCenterExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\RealOneMessageCenter.exe" [ ] "mxomssmenu"="C:\Programfiler\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 14:53 169264] "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 339968 C:\WINDOWS\stsystra.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 11:34 219136] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ Logitech Desktop Messenger.lnk - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-19 14:36:42] Logitech SetPoint.lnk - C:\Programfiler\Logitech\SetPoint\KEM.exe [2006-07-11 12:09:45] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" R2 Maxtor Sync Service;Maxtor Service;C:\Programfiler\Maxtor\Sync\SyncServices.exe [2007-09-28 12:24] S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc2.sys [2003-05-07 15:54] S3 PPDrv;Protector Plus Driver (UnRegistered);C:\Programfiler\Protector Plus\PPDrv.sys [] S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [] S4 viaagp;VIA AGP-bussfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 23:07] *Newly Created Service* - PROCEXP90 . Contents of the 'Scheduled Tasks' folder "2007-12-15 01:07:12 C:\WINDOWS\Tasks\McDefragTask.job" - c:\programfiler\mcafee\mqc\QcConsol.exe' "2008-01-01 00:00:17 C:\WINDOWS\Tasks\McQcTask.job" - c:\programfiler\mcafee\mqc\QcConsol.exe . 
************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-04 17:12:54 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="C:\\Programfiler\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe" . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156] -> C:\Programfiler\Logitech\SetPoint\lgscroll.dll . Completion time: 2008-01-04 17:13:25 ComboFix-quarantined-files.txt 2008-01-04 16:13:22 . 2008-01-02 19:40:33 --- E O F ---
norbat Posted 4 January 2008
Open Notepad and copy in what is in bold below, then save the file on the desktop as CFScript.txt. Then drag the file onto the Combofix icon. Combofix will start again.
Folder::
C:\Documents and Settings\All Users\Programdata\live 64 math does
C:\Programfiler\Fellesfiler\Totem Shared
C:\NoLopBackups
Post the log + a new HJT log.
Do you know what folder this is, and possibly which files are in the folder?
C:\Documents and Settings\Ruben\Programdata\filmloudcity
Your problem may have been caused by the program Messenger Plus! Live. If you have it installed, you should consider whether to uninstall it.
Entheniel (Author) Posted 4 January 2008
New HJT log:
Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Programfiler\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\Programfiler\Maxtor\Sync\SyncServices.exe C:\Programfiler\Fellesfiler\McAfee\HackerWatch\HWAPI.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\programfiler\fellesfiler\mcafee\mna\mcnasvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe C:\PROGRA~1\McAfee\MSC\mcpromgr.exe c:\PROGRA~1\FELLES~1\mcafee\mcproxy\mcproxy.exe c:\PROGRA~1\FELLES~1\mcafee\redirsvc\redirsvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Programfiler\McAfee\MPF\MPFSrv.exe C:\PROGRA~1\McAfee\MPS\mps.exe C:\Programfiler\McAfee\MSK\MskSrver.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Programfiler\SiteAdvisor\6253\SAService.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\McAfee\MPS\mpsevh.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Programfiler\Canon\CAL\CALMAIN.exe C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe C:\Programfiler\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\Programfiler\Dell\Media Experience\DMXLauncher.exe C:\Programfiler\Creative\SBAudigy\Surround Mixer\CTSysVol.exe C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe C:\Programfiler\Fellesfiler\Logitech\G-series Software\LGDCore.exe C:\Programfiler\McAfee\MSK\MskAgent.exe C:\Programfiler\SiteAdvisor\6253\SiteAdv.exe C:\Programfiler\Fellesfiler\Logitech\LCD Manager\lcdmon.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Programfiler\Fellesfiler\Logitech\LCD Manager\Applets\LCDPOP3.exe 
C:\Programfiler\Fellesfiler\Logitech\LCD Manager\Applets\LCDClock.exe C:\Programfiler\Fellesfiler\Logitech\LCD Manager\Applets\LCDMedia.exe C:\Programfiler\Maxtor\OneTouch Status\maxmenumgr.exe C:\WINDOWS\stsystra.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Programfiler\Logitech\SetPoint\KEM.exe C:\Programfiler\Logitech\SetPoint\KHALMNPR.EXE C:\WINDOWS\System32\svchost.exe C:\Programfiler\Opera\Opera.exe C:\Programfiler\Windows Live\Messenger\msnmsgr.exe C:\Programfiler\Windows Live\Messenger\usnsvc.exe C:\Programfiler\Windows Media Player\wmplayer.exe C:\WINDOWS\explorer.exe C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programfiler\SiteAdvisor\6253\SiteAdv.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - 
c:\programfiler\mcafee\virusscan\scriptcl.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programfiler\SiteAdvisor\6253\SiteAdv.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [iAAnotif] C:\Programfiler\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [DMXLauncher] C:\Programfiler\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [CTSysVol] C:\Programfiler\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [VoiceCenter] "C:\Programfiler\Creative\VoiceCenter\AndreaVC.exe" /tray O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513 O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programfiler\Fellesfiler\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [MskAgentexe] C:\Programfiler\McAfee\MSK\MskAgent.exe O4 - HKLM\..\Run: [siteAdvisor] C:\Programfiler\SiteAdvisor\6253\SiteAdv.exe O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programfiler\Fellesfiler\Logitech\LCD Manager\lcdmon.exe" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" 
-atboottime O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [MsgCenterExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\RealOneMessageCenter.exe" -osboot O4 - HKLM\..\Run: [mxomssmenu] "C:\Programfiler\Maxtor\OneTouch Status\maxmenumgr.exe" O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Drv Name] C:\DOCUME~1\Ruben\PROGRA~1\FILMLO~1\forbasemeet.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\KEM.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Ruben\Start-meny\Programmer\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: 
(no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {A9DAD15A-365E-494D-9D41-8A0BB80007B0} (ArcticShell control) - http://www.arcticpigs.com/activex/mayhem.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. 
- C:\Programfiler\Canon\CAL\CALMAIN.exe O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Programfiler\Fellesfiler\Creative Labs Shared\Service\CreativeLicensing.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FELLES~1\McAfee\EmProxy\emproxy.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Programfiler\Intel\Intel Matrix Storage Manager\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Unknown owner - C:\Programfiler\iPod\bin\iPodService.exe (file missing) O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Programfiler\Maxtor\Sync\SyncServices.exe O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Programfiler\Fellesfiler\McAfee\HackerWatch\HWAPI.exe O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\programfiler\fellesfiler\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FELLES~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FELLES~1\mcafee\redirsvc\redirsvc.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. 
- C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programfiler\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Programfiler\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programfiler\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Programfiler\SiteAdvisor\6253\SAService.exe
-- End of file - 13170 bytes

New ComboFix log:

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Programdata\live 64 math does C:\Documents and Settings\All Users\Programdata\live 64 math does\Boob funk.exe C:\NoLopBackups C:\NoLopBackups\A78B74A89208EDE0.job.01.infected C:\Programfiler\Fellesfiler\Totem Shared C:\Programfiler\Fellesfiler\Totem Shared\Update\Advertising.dll.053 C:\Programfiler\Fellesfiler\Totem Shared\Update\Bpk.dll.143 C:\Programfiler\Fellesfiler\Totem Shared\Update\Distribution.dll.056 C:\Programfiler\Fellesfiler\Totem Shared\Update\FavoriteLinks.dll.076 C:\Programfiler\Fellesfiler\Totem Shared\Update\FreeSamples.dll.048 C:\Programfiler\Fellesfiler\Totem Shared\Update\msvcr70.dll.010 C:\Programfiler\Fellesfiler\Totem Shared\Update\music.dll.027 C:\Programfiler\Fellesfiler\Totem Shared\Update\Network.dll.068 C:\Programfiler\Fellesfiler\Totem Shared\Update\Newsletters.dll.023 C:\Programfiler\Fellesfiler\Totem Shared\Update\ScreenSaver2.dll.025 C:\Programfiler\Fellesfiler\Totem Shared\Update\System.dll.094 C:\Programfiler\Fellesfiler\Totem Shared\Update\TotemDx.dll.020 C:\Programfiler\Fellesfiler\Totem Shared\Update\Update.dll.074 C:\Programfiler\Fellesfiler\Totem Shared\Update\Windows.dll.082 C:\Programfiler\Fellesfiler\Totem Shared\Update\WindowsEx.dll.051 . ((((((((((((((((((((((((( Files Created from 2007-12-04 to 2008-01-04 ))))))))))))))))))))))))))))))) . 2008-01-04 17:07 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-04 15:40 . 2008-01-04 15:40 <DIR> d-------- C:\Programfiler\Trend Micro 2008-01-03 15:09 . 2008-01-04 13:14 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-01-03 15:09 . 2008-01-03 15:09 1,409 --a------ C:\WINDOWS\QTFont.for 2008-01-02 18:55 . 2008-01-02 18:55 <DIR> d-------- C:\Programfiler\Ventrilo 2008-01-02 18:54 . 2008-01-02 18:54 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-01-02 18:27 . 2008-01-02 18:27 <DIR> d-------- C:\Programfiler\Maxtor 2008-01-02 18:27 . 
2008-01-02 18:41 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Maxtor 2008-01-02 18:26 . 2008-01-02 18:26 <DIR> d-------- C:\Programfiler\MSXML 6.0 2008-01-01 23:41 . 2008-01-01 23:41 <DIR> d-------- C:\Programfiler\Fellesfiler\Skype 2008-01-01 23:41 . 2008-01-04 13:59 <DIR> d-------- C:\Documents and Settings\Ruben\Programdata\skypePM 2008-01-01 23:41 . 2008-01-01 23:41 32 --a------ C:\Documents and Settings\All Users\Programdata\ezsid.dat 2007-12-11 23:34 . 2007-12-11 23:34 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll 2007-12-11 23:34 . 2007-12-11 23:34 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll 2007-12-04 02:33 . 2007-12-04 02:33 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll 2007-12-04 02:33 . 2007-12-04 02:33 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll 2007-12-04 02:33 . 2007-12-04 02:33 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll 2007-12-04 02:33 . 2007-12-04 02:33 682,496 --a------ C:\WINDOWS\system32\DivX.dll 2007-12-04 02:33 . 2007-12-04 02:33 630,784 --a------ C:\WINDOWS\system32\divxdec.ax . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-01-04 16:02 --------- d-----w C:\Programfiler\McAfee 2008-01-04 15:59 --------- d-----w C:\Documents and Settings\Ruben\Programdata\Azureus 2008-01-04 14:22 --------- d-----w C:\Documents and Settings\All Users\Programdata\avg7 2008-01-04 13:20 --------- d-----w C:\Documents and Settings\Ruben\Programdata\Skype 2008-01-03 11:49 --------- d-----w C:\Documents and Settings\Ruben\Programdata\filmloudcity 2008-01-02 23:30 --------- d-----w C:\Documents and Settings\Ruben\Programdata\Hamachi 2008-01-02 17:56 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys 2008-01-02 17:27 --------- d--h--w C:\Programfiler\InstallShield Installation Information 2008-01-01 22:31 --------- d-----w C:\Documents and Settings\Ruben\Programdata\Activision 2008-01-01 21:57 --------- d-----w C:\Programfiler\Azureus 2008-01-01 21:29 --------- d-----w C:\Documents and Settings\All Users\Programdata\WLInstaller 2008-01-01 20:37 --------- d-----w C:\Documents and Settings\Ruben\Programdata\ZoomBrowser EX 2008-01-01 20:36 --------- d-----w C:\Documents and Settings\All Users\Programdata\ZoomBrowser 2008-01-01 12:19 --------- d-----w C:\Programfiler\Messenger Plus! 
Live 2007-12-31 17:41 --------- d-----w C:\Programfiler\SiteAdvisor 2007-12-13 21:43 --------- d-----w C:\Documents and Settings\Ruben\Programdata\LimeWire 2007-12-12 19:51 --------- d-----w C:\Programfiler\DivX 2007-12-10 12:21 --------- d-----w C:\Documents and Settings\LocalService\Programdata\SiteAdvisor 2007-12-09 13:48 --------- d-----w C:\Programfiler\Sony Ericsson 2007-12-09 13:48 --------- d-----w C:\Programfiler\Fellesfiler\Teleca Shared 2007-12-07 22:21 --------- d-----w C:\Programfiler\Windows Live 2007-12-07 22:16 --------- d-----w C:\Programfiler\Electronic Arts 2007-12-05 09:53 --------- d-----w C:\Programfiler\EA GAMES 2007-12-01 18:52 --------- d-----w C:\Documents and Settings\All Users\Programdata\Firefly Studios 2007-11-29 22:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2007-11-29 22:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2007-11-28 21:55 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2007-11-28 21:53 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2007-11-28 21:53 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2007-11-28 21:53 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2007-11-28 21:53 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2007-11-28 21:52 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2007-11-22 21:03 --------- dcsh--w C:\Programfiler\Fellesfiler\WindowsLiveInstaller 2007-11-22 21:00 --------- d-----w C:\Programfiler\Opera 2007-11-21 19:21 --------- d-----w C:\Programfiler\Disc2Phone 2007-11-14 18:49 --------- d-----w C:\Programfiler\World of Warcraft 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-11-10 20:20 --------- d-----w C:\Documents and Settings\Ruben\Programdata\dvdcss 2007-10-31 11:46 737,280 ----a-w 
C:\WINDOWS\iun6002.exe 2007-10-30 23:30 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll 2007-10-25 16:44 8,466,432 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll 2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll 2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll 2007-10-10 23:54 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll 2007-10-10 23:54 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll 2007-10-10 23:53 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll 2007-10-10 23:53 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll 2007-10-10 23:53 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll 2007-10-10 23:53 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2007-10-10 23:53 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll 2007-10-10 23:53 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll 2007-10-10 23:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll 2007-10-10 23:53 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll 2007-10-10 23:53 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll 2007-10-10 23:53 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll 2007-10-10 23:53 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll 2007-10-10 23:53 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll 2007-10-10 23:53 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll 2007-10-10 23:53 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll 2007-10-10 23:53 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll 2007-10-10 23:53 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll 2007-10-10 23:53 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll 2007-10-10 23:53 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll 
2007-10-10 23:53 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll 2007-10-10 23:53 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll 2007-10-10 11:02 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2007-10-10 11:02 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe 2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll 2007-08-29 17:38 32 ----a-r C:\Documents and Settings\All Users\hash.dat 2007-07-26 20:12 52,329,617 ----a-w C:\Documents and Settings\Ruben\WoW-2.1.3.6898-to-0.2.0.6932-enGB-patch.exe 2007-04-25 21:49 311,384,068 ----a-w C:\Documents and Settings\Ruben\WoW-2.0.12.6546-to-0.1.0.6577-enGB-patch.exe 2007-03-25 10:29 40 ----a-w C:\Documents and Settings\Ruben\language.dat 2006-07-11 12:41 8 -csh--r C:\WINDOWS\system32\B782F673F5.sys 2006-09-11 12:42 56 -csh--r C:\WINDOWS\system32\F573F682B7.sys 2007-02-03 23:23 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360] "msnmsgr"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" [2008-01-01 22:44 5724184] "Drv Name"="C:\DOCUME~1\Ruben\PROGRA~1\FILMLO~1\forbasemeet.exe" [2008-01-03 12:48 399360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-14 20:51 7323648] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496] "IAAnotif"="C:\Programfiler\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 07:56 139264] "DMXLauncher"="C:\Programfiler\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 03:12 94208] "CTSysVol"="C:\Programfiler\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 09:47 57344] "MBMon"="CTMBHA.DLL" [2005-05-19 08:54 1345520 C:\WINDOWS\system32\CTMBHA.DLL] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112] "VoiceCenter"="C:\Programfiler\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 07:42 1159168] "ISUSPM Startup"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44 249856] "ISUSScheduler"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-10-21 12:28 29696 C:\WINDOWS\KHALMNPR.Exe] "mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [ ] "PD0620 STISvc"="P0620Pin.dll" [2005-05-10 18:03 36864 C:\WINDOWS\system32\P0620Pin.dll] "Launch LGDCore"="C:\Programfiler\Fellesfiler\Logitech\G-series Software\LGDCore.exe" [2006-11-09 13:10 1126400] "MskAgentexe"="C:\Programfiler\McAfee\MSK\MskAgent.exe" [2007-01-17 17:30 152144] "SiteAdvisor"="C:\Programfiler\SiteAdvisor\6253\SiteAdv.exe" [2007-02-09 18:18 36904] "Launch LCDMon"="C:\Programfiler\Fellesfiler\Logitech\LCD Manager\lcdmon.exe" 
[2006-11-09 12:45 549376] "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 04:33 122941] "QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2007-04-27 08:41 282624] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-31 17:07 579072] "NeroFilterCheck"="C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40 155648] "Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792] "MsgCenterExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\RealOneMessageCenter.exe" [ ] "mxomssmenu"="C:\Programfiler\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 14:53 169264] "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 339968 C:\WINDOWS\stsystra.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 11:34 219136] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ Logitech Desktop Messenger.lnk - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-19 14:36:42] Logitech SetPoint.lnk - C:\Programfiler\Logitech\SetPoint\KEM.exe [2006-07-11 12:09:45] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" R2 Maxtor Sync Service;Maxtor Service;C:\Programfiler\Maxtor\Sync\SyncServices.exe [2007-09-28 12:24] S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc2.sys [2003-05-07 15:54] S3 PPDrv;Protector Plus Driver (UnRegistered);C:\Programfiler\Protector Plus\PPDrv.sys [] S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [] S4 viaagp;VIA AGP-bussfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 23:07] *Newly Created Service* - PROCEXP90 . 
Contents of the 'Scheduled Tasks' folder
"2007-12-15 01:07:12 C:\WINDOWS\Tasks\McDefragTask.job" - c:\programfiler\mcafee\mqc\QcConsol.exe'
"2008-01-01 00:00:17 C:\WINDOWS\Tasks\McQcTask.job" - c:\programfiler\mcafee\mqc\QcConsol.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-04 17:42:31
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\\Programfiler\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe"
.
Completion time: 2008-01-04 17:43:08
ComboFix-quarantined-files.txt 2008-01-04 16:42:59
ComboFix2.txt 2008-01-04 16:13:25
.
2008-01-02 19:40:33 --- E O F ---

He has no idea where the folder came from or anything. Its contents: forbasemeet, internet 4 keep, ogalyfhl, osubttwk
norbat, posted 4 January 2008

OK, fix the following line with HJT:

O4 - HKCU\..\Run: [Drv Name] C:\DOCUME~1\Ruben\PROGRA~1\FILMLO~1\forbasemeet.exe

Open Notepad again and copy in what is shown in bold below, then save the file to the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again. I have assumed that the person has uninstalled Messenger Plus. If the person does not want this, you must remove the line below that is marked in red.

Folder::
C:\Documents and Settings\Ruben\Programdata\filmloudcity
C:\Programfiler\Messenger Plus! Live

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Drv Name"=-

I would like to see the ComboFix log one last time.
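As an added example (not part of any post in this thread): the entry singled out above is an HKCU Run value whose target sits inside the user's profile rather than under a program or Windows directory. The Python below parses HijackThis O4 registry autorun lines and flags entries by that location heuristic, which is an assumption of this example; the function names are hypothetical and the sample lines are copied from the HJT log posted in the thread.

```python
import re

# Six O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [iAAnotif] C:\Programfiler\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Drv Name] C:\DOCUME~1\Ruben\PROGRA~1\FILMLO~1\forbasemeet.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
"""

# "O4 - <hive>\..\<Run key>: [<value name>] <command>"
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]+)\] (?P<command>.+)$"
)
# HijackThis appends "(User '...')" to entries read from other users' hives.
USER_NOTE = re.compile(r"\s+\(User '[^']*'\)$")
# Unquoted commands may contain spaces, so cut at the first executable suffix.
EXE_END = re.compile(r"^(.+?\.(?:exe|com|bat|cmd|scr|pif|dll))(?=[\s,]|$)", re.I)
# Windows XP profile root, long or 8.3 short form, followed by a user name.
# Assumption of this example: an autorun living here deserves a manual look.
PROFILE = re.compile(
    r"^[a-z]:\\(?:documents and settings|docume~\d)\\[^\\]+\\", re.I
)


def executable(command):
    """Return the program part of a Run value, without arguments."""
    command = USER_NOTE.sub("", command.strip())
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    match = EXE_END.match(command)
    return match.group(1) if match else command.split()[0]


def parse_o4_run(log):
    """Parse registry autorun (O4 Run*) lines into dictionaries."""
    entries = []
    for line in log.splitlines():
        match = O4_RUN.match(line.strip())
        if match:
            entries.append({
                "hive": match["hive"],
                "key": match["key"],
                "name": match["name"],
                "path": executable(match["command"]),
            })
    return entries


def profile_autoruns(log):
    """Return (hive, value name, path) for autoruns inside a user profile."""
    return [
        (e["hive"], e["name"], e["path"])
        for e in parse_o4_run(log)
        if PROFILE.match(e["path"])
    ]


if __name__ == "__main__":
    for hive, name, path in profile_autoruns(SAMPLE_LOG):
        print(f"review: {hive} Run [{name}] -> {path}")
```

Entries given without an absolute path, such as `stsystra.exe`, are parsed but never flagged, because the heuristic looks only at where the file is stored.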
Entheniel (author), posted 4 January 2008

OK, new log:

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Ruben\Programdata\filmloudcity
C:\Documents and Settings\Ruben\Programdata\filmloudcity\0
C:\Documents and Settings\Ruben\Programdata\filmloudcity\1EBD0C9
C:\Documents and Settings\Ruben\Programdata\filmloudcity\forbasemeet.exe
C:\Documents and Settings\Ruben\Programdata\filmloudcity\internet 4 keep.exe
C:\Documents and Settings\Ruben\Programdata\filmloudcity\ogalyfhl.exe
C:\Documents and Settings\Ruben\Programdata\filmloudcity\osubttwk.exe
.
((((((((((((((((((((((((( Files Created from 2007-12-04 to 2008-01-04 )))))))))))))))))))))))))))))))
.
2008-01-04 17:07 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-04 15:40 . 2008-01-04 15:40 <DIR> d-------- C:\Programfiler\Trend Micro
2008-01-03 15:09 . 2008-01-04 13:14 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-03 15:09 . 2008-01-03 15:09 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-02 18:55 . 2008-01-02 18:55 <DIR> d-------- C:\Programfiler\Ventrilo
2008-01-02 18:54 . 2008-01-02 18:54 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-01-02 18:27 . 2008-01-02 18:27 <DIR> d-------- C:\Programfiler\Maxtor
2008-01-02 18:27 . 2008-01-02 18:41 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Maxtor
2008-01-02 18:26 . 2008-01-02 18:26 <DIR> d-------- C:\Programfiler\MSXML 6.0
2008-01-01 23:41 . 2008-01-01 23:41 <DIR> d-------- C:\Programfiler\Fellesfiler\Skype
2008-01-01 23:41 . 2008-01-04 13:59 <DIR> d-------- C:\Documents and Settings\Ruben\Programdata\skypePM
2008-01-01 23:41 . 2008-01-01 23:41 32 --a------ C:\Documents and Settings\All Users\Programdata\ezsid.dat
2007-12-11 23:34 . 2007-12-11 23:34 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-12-11 23:34 .
2007-12-11 23:34 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll 2007-12-04 02:33 . 2007-12-04 02:33 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll 2007-12-04 02:33 . 2007-12-04 02:33 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll 2007-12-04 02:33 . 2007-12-04 02:33 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll 2007-12-04 02:33 . 2007-12-04 02:33 682,496 --a------ C:\WINDOWS\system32\DivX.dll 2007-12-04 02:33 . 2007-12-04 02:33 630,784 --a------ C:\WINDOWS\system32\divxdec.ax . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-04 16:02 --------- d-----w C:\Programfiler\McAfee 2008-01-04 15:59 --------- d-----w C:\Documents and Settings\Ruben\Programdata\Azureus 2008-01-04 14:22 --------- d-----w C:\Documents and Settings\All Users\Programdata\avg7 2008-01-04 13:20 --------- d-----w C:\Documents and Settings\Ruben\Programdata\Skype 2008-01-02 23:30 --------- d-----w C:\Documents and Settings\Ruben\Programdata\Hamachi 2008-01-02 17:56 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys 2008-01-02 17:27 --------- d--h--w C:\Programfiler\InstallShield Installation Information 2008-01-01 22:31 --------- d-----w C:\Documents and Settings\Ruben\Programdata\Activision 2008-01-01 21:57 --------- d-----w C:\Programfiler\Azureus 2008-01-01 21:29 --------- d-----w C:\Documents and Settings\All Users\Programdata\WLInstaller 2008-01-01 20:37 --------- d-----w C:\Documents and Settings\Ruben\Programdata\ZoomBrowser EX 2008-01-01 20:36 --------- d-----w C:\Documents and Settings\All Users\Programdata\ZoomBrowser 2008-01-01 12:19 --------- d-----w C:\Programfiler\Messenger Plus! 
Live 2007-12-31 17:41 --------- d-----w C:\Programfiler\SiteAdvisor 2007-12-13 21:43 --------- d-----w C:\Documents and Settings\Ruben\Programdata\LimeWire 2007-12-12 19:51 --------- d-----w C:\Programfiler\DivX 2007-12-10 12:21 --------- d-----w C:\Documents and Settings\LocalService\Programdata\SiteAdvisor 2007-12-09 13:48 --------- d-----w C:\Programfiler\Sony Ericsson 2007-12-09 13:48 --------- d-----w C:\Programfiler\Fellesfiler\Teleca Shared 2007-12-07 22:21 --------- d-----w C:\Programfiler\Windows Live 2007-12-07 22:16 --------- d-----w C:\Programfiler\Electronic Arts 2007-12-05 09:53 --------- d-----w C:\Programfiler\EA GAMES 2007-12-01 18:52 --------- d-----w C:\Documents and Settings\All Users\Programdata\Firefly Studios 2007-11-29 22:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2007-11-29 22:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2007-11-28 21:55 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2007-11-28 21:53 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2007-11-28 21:53 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2007-11-28 21:53 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2007-11-28 21:53 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2007-11-28 21:52 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2007-11-22 21:03 --------- dcsh--w C:\Programfiler\Fellesfiler\WindowsLiveInstaller 2007-11-22 21:00 --------- d-----w C:\Programfiler\Opera 2007-11-21 19:21 --------- d-----w C:\Programfiler\Disc2Phone 2007-11-14 18:49 --------- d-----w C:\Programfiler\World of Warcraft 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-10-31 11:46 737,280 ----a-w C:\WINDOWS\iun6002.exe 2007-10-30 23:30 3,590,656 ----a-w 
C:\WINDOWS\system32\dllcache\mshtml.dll 2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll 2007-10-25 16:44 8,466,432 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll 2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll 2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll 2007-10-10 23:54 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll 2007-10-10 23:54 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll 2007-10-10 23:53 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll 2007-10-10 23:53 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll 2007-10-10 23:53 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll 2007-10-10 23:53 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2007-10-10 23:53 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll 2007-10-10 23:53 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll 2007-10-10 23:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll 2007-10-10 23:53 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll 2007-10-10 23:53 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll 2007-10-10 23:53 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll 2007-10-10 23:53 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll 2007-10-10 23:53 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll 2007-10-10 23:53 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll 2007-10-10 23:53 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll 2007-10-10 23:53 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll 2007-10-10 23:53 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll 2007-10-10 23:53 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll 2007-10-10 23:53 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll 2007-10-10 23:53 102,400 ----a-w 
C:\WINDOWS\system32\dllcache\occache.dll 2007-10-10 23:53 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll 2007-10-10 11:02 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2007-10-10 11:02 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe 2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll 2007-08-29 17:38 32 ----a-r C:\Documents and Settings\All Users\hash.dat 2007-07-26 20:12 52,329,617 ----a-w C:\Documents and Settings\Ruben\WoW-2.1.3.6898-to-0.2.0.6932-enGB-patch.exe 2007-04-25 21:49 311,384,068 ----a-w C:\Documents and Settings\Ruben\WoW-2.0.12.6546-to-0.1.0.6577-enGB-patch.exe 2007-03-25 10:29 40 ----a-w C:\Documents and Settings\Ruben\language.dat 2006-07-11 12:41 8 -csh--r C:\WINDOWS\system32\B782F673F5.sys 2006-09-11 12:42 56 -csh--r C:\WINDOWS\system32\F573F682B7.sys 2007-02-03 23:23 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"msnmsgr"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" [2008-01-01 22:44 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-14 20:51 7323648]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"IAAnotif"="C:\Programfiler\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 07:56 139264]
"DMXLauncher"="C:\Programfiler\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 03:12 94208]
"CTSysVol"="C:\Programfiler\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 09:47 57344]
"MBMon"="CTMBHA.DLL" [2005-05-19 08:54 1345520 C:\WINDOWS\system32\CTMBHA.DLL]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"VoiceCenter"="C:\Programfiler\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 07:42 1159168]
"ISUSPM Startup"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44 249856]
"ISUSScheduler"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-10-21 12:28 29696 C:\WINDOWS\KHALMNPR.Exe]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [ ]
"PD0620 STISvc"="P0620Pin.dll" [2005-05-10 18:03 36864 C:\WINDOWS\system32\P0620Pin.dll]
"Launch LGDCore"="C:\Programfiler\Fellesfiler\Logitech\G-series Software\LGDCore.exe" [2006-11-09 13:10 1126400]
"MskAgentexe"="C:\Programfiler\McAfee\MSK\MskAgent.exe" [2007-01-17 17:30 152144]
"SiteAdvisor"="C:\Programfiler\SiteAdvisor\6253\SiteAdv.exe" [2007-02-09 18:18 36904]
"Launch LCDMon"="C:\Programfiler\Fellesfiler\Logitech\LCD Manager\lcdmon.exe" [2006-11-09 12:45 549376]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 04:33 122941]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-31 17:07 579072]
"NeroFilterCheck"="C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40 155648]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"MsgCenterExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\RealOneMessageCenter.exe" [ ]
"mxomssmenu"="C:\Programfiler\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 14:53 169264]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 339968 C:\WINDOWS\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 11:34 219136]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Logitech Desktop Messenger.lnk - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-19 14:36:42]
Logitech SetPoint.lnk - C:\Programfiler\Logitech\SetPoint\KEM.exe [2006-07-11 12:09:45]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R2 Maxtor Sync Service;Maxtor Service;C:\Programfiler\Maxtor\Sync\SyncServices.exe [2007-09-28 12:24]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc2.sys [2003-05-07 15:54]
S3 PPDrv;Protector Plus Driver (UnRegistered);C:\Programfiler\Protector Plus\PPDrv.sys []
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys []
S4 viaagp;VIA AGP-bussfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 23:07]

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2007-12-15 01:07:12 C:\WINDOWS\Tasks\McDefragTask.job" - c:\programfiler\mcafee\mqc\QcConsol.exe'
"2008-01-01 00:00:17 C:\WINDOWS\Tasks\McQcTask.job" - c:\programfiler\mcafee\mqc\QcConsol.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-04 18:19:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\\Programfiler\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe"
.
Completion time: 2008-01-04 18:19:44
ComboFix-quarantined-files.txt 2008-01-04 17:19:41
ComboFix2.txt 2008-01-04 16:43:08
ComboFix3.txt 2008-01-04 16:13:25
.
2008-01-02 19:40:33 --- E O F ---
norbat Posted January 4, 2008

That looks good, then. As a final cleanup you can do the following:

1. Download CCleaner. Start the program. Go to 'Valg' -> 'Avansert' (Options -> Advanced). Remove the tick in front of "bare slett midlertidige filer......." ("only delete temporary files......."). Click 'Renser' (Cleaner) and then 'Kjør CCleaner' (Run CCleaner).
2. Download SAS (the free version), install it, update it and run a full (Complete) scan.
3. Reset the restore folder so that you do not get infected by a possible system restore. Kontrollpanel -> System -> Systemgjenoppretting (Control Panel -> System -> System Restore). Tick the box in front of "Slå av Systemgjenopprettingen ....." ("Turn off System Restore ....."), restart the PC, then remove the tick again to re-enable the feature.

If you do not do the first two points, then at least do the last one and reset the System Restore folder.

Does the problem seem solved, and is the PC running OK?